package com.ws.framework.controller;

import javax.servlet.http.HttpServletRequest;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.ExcessiveAttemptsException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.crypto.hash.DefaultHashService;
import org.apache.shiro.crypto.hash.HashRequest;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
@RequestMapping("auth")
public class ShiroController {

	private static final Logger logger = LoggerFactory.getLogger(ShiroController.class);

	@RequestMapping(value = "/toLogin", method = RequestMethod.GET)
	public String toLogin(Model model) {
		return "ftl/login";
	}

	@RequestMapping(value = "/doLogin", method = RequestMethod.POST)
	public String doLogin(String username, String pwd, HttpServletRequest request) {
		String hex = new DefaultHashService()
				.computeHash(new HashRequest.Builder().setSource(ByteSource.Util.bytes(pwd)).build()).toHex();
		UsernamePasswordToken token = new UsernamePasswordToken(username, hex);
		Subject currentUser = SecurityUtils.getSubject();
		try {
			logger.info("对用户 {} 进行登录验证..验证开始", username);
			currentUser.login(token);
			currentUser.getSession().removeAttribute("message");
			logger.info("对用户{} 进行登录验证..验证通过", username);
		} catch (UnknownAccountException uae) {
			logger.info("对用户{}进行登录验证..验证未通过,未知账户", username);
			request.setAttribute("message", "未知账户");
		} catch (IncorrectCredentialsException ice) {
			logger.info("对用户{}进行登录验证..验证未通过,错误的凭证", username);
			request.setAttribute("message", "密码不正确");
		} catch (LockedAccountException lae) {
			logger.info("对用户{}进行登录验证..验证未通过,账户已锁定", username);
			request.setAttribute("message", "账户已锁定");
		} catch (ExcessiveAttemptsException eae) {
			logger.info("对用户{}进行登录验证..验证未通过,错误次数过多", username);
			request.setAttribute("message", "用户名或密码错误次数过多");
		} catch (AuthenticationException ae) {
			logger.info("对用户{}进行登录验证..验证未通过,堆栈轨迹如下", username);
			request.setAttribute("message", "用户名或密码不正确");
		}
		if (currentUser.isAuthenticated()) {
			logger.info("用户{}登录认证通过(这里可以进行一些认证通过后的一些系统参数初始化操作)", username);
			return "redirect:/code/index";
		} else {
			token.clear();
			request.setAttribute("username", username);
			request.setAttribute("pwd", pwd);
			return "ftl/login";
		}
	}

	@RequestMapping(value = "/logout", method = RequestMethod.GET)
	public String logout(HttpServletRequest request) {
		// 使用权限管理工具进行用户的退出，跳出登录，给出提示信息
		SecurityUtils.getSubject().logout();
		request.setAttribute("message", "您已安全退出");
		return "redirect:/auth/login";
	}

	@RequestMapping("/403")
	public String unauthorizedRole() {
		logger.info("------没有权限-------");
		return "ftl/403";
	}

}